When making a business acquisition, the potential of a security risk derailing a deal during an acquisition is quite low. Of course, when firms look to expand the number and types of services they deliver, the first consideration doesn’t usually regard security—instead, you must decide whether to build it or whether to buy it.
Some might say a good decision is based on knowledge and not on numbers.
During a penetration test, the Schellman team often works with development teams, administrators, risk and compliance professionals and information security personnel; however, the initial point of contact for a penetration test may be an individual that isn’t any of those. More and more, someone from the product or procurement team may have the responsibility—or shared responsibility—of having a penetration test performed. While these individuals may understand a timeline for a specific task, they likely do not have full visibility into the entire project. Such circumstances, among others, can trigger one of the biggest challenges frequently seen in planning pen tests—timing.
In the battle for top tech talent, the wrong hire can be devastating. So do your tech team the favor of watching out for these warning signs before offering the job. It’s a hiring worst-case scenario: A job candidate aces every aspect of the interview process, but after joining the company, they can’t get the job done. Or perhaps worse, the new coworker is capable but so disruptive the rest of the team suffers.
In 2018, the year of artificial intelligence, internet of things, blockchain, and big data, it is safe to say more and more companies are emerging to be technology companies. In the last year, a lot of attention has been placed on how automotive companies such as Ford and General Motors are positioning themselves as technology companies.
Hiring managers and recruiters bemoan a soft skills gap in IT, and recent data backs up the sentiment. A LinkedIn report conducted with consulting firm Capgemini found that more employers say their organization lacks soft skills (nearly 60 percent) than hard digital skills (51 percent).
This article details the prevalence of risk acceptance within organizations, why IT security departments may be putting too much confidence in their controls, and how excessive risk acceptance is often cultural. Originally published in the April 2018 issue of the ISSA Journal